Mark Murphy:
> On Wed, Mar 2, 2016, at 16:31, cketti wrote:
>> On 24.02.2016 21:12, Hans-Christoph Steiner wrote:
>>> Anyone have any pointers? NetCipher should really fully support SNI.
>>
>> This might help: https://github.com/k9mail/k-9/pull/718
>
> HttpClient has the same SNI problem, even without NetCipher. Their fix
> (https://wiki.apache.org/HttpComponents/SNISupport) is akin to yours.
>
> I really dislike using reflection hacks for workarounds, but I'm
> guessing that there aren't other options here.
>
> Thanks for pointing this out!

I think that using reflection to bring old platforms up to standard is worth doing. The risks of it breaking in the future are very low, since the old platforms are unlikely to change, especially with Android, where the lack of updates is the real problem.

In K-9, this situation is easier to do since they are just dealing with direct SSLSocket instances. With NetCipher, we're dealing with the HTTP APIs, so for example, to change the SocketFactory with HttpURLConnection, we have to provide an instance of SSLSocketFactory, i.e.:

HttpsURLConnection.setSSLSocketFactory()

Also, to use the K-9 technique that does not use reflection, TlsOnlySocketFactory will need to be a subclass of SSLCertificateSocketFactory rather than SSLSocketFactory. I think that's probably the best approach.

.hc

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
